Downloads provided by UsageCounts
handle: 2117/366664
The last few years have seen an increasing wave of attacks with serious economic and privacy damages, which evinces the need for accurate Network Intrusion Detection Systems (NIDS). Recent works propose the use of Machine Learning (ML) techniques (e.g., decision trees, neural networks) for building such systems. However, existing ML-based NIDS are barely robust to common adversarial attacks, which limits their applicability to real networks. A fundamental problem of these solutions is that they treat and classify flows independently. In contrast, in this paper we argue the importance of focusing on the structural patterns of attacks, by capturing not only the individual flow features, but also the relations between different flows (e.g., the source/destination hosts they share). To this end, we use a graph representation that keeps flow records and their relationships, and propose a novel Graph Neural Network (GNN) model tailored to process and learn from such graph-structured information. In our evaluation, we first show that the proposed GNN model achieves state-of-the-art results on the well-known CIC-IDS2017 dataset. Moreover, we assess the robustness of our solution under two common adversarial attacks, which intentionally modify the packet size and interarrival times to avoid detection. The results show that our model is able to maintain the same level of accuracy as in previous experiments, while the accuracy (F1-score) of state-of-the-art ML techniques degrades by up to 50% under these attacks. This unprecedented level of robustness is mainly induced by the capability of our GNN model to learn flow patterns of attacks structured as graphs.
FOS: Computer and information sciences, Ordinadors, Xarxes d' -- Mesures de seguretat, Computer Science - Machine Learning, :Informàtica::Intel·ligència artificial::Aprenentatge automàtic [Àrees temàtiques de la UPC], Cybersecurity, Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Àrees temàtiques de la UPC::Informàtica::Intel·ligència artificial::Aprenentatge automàtic, Seguretat informàtica, Machine Learning (cs.LG), Neural networks (Computer science), Computer Science - Networking and Internet Architecture, :Informàtica::Seguretat informàtica [Àrees temàtiques de la UPC], Computer security, Computer networks -- Security measures, Machine learning, Aprenentatge automàtic, Xarxes neuronals (Informàtica), Networking and Internet Architecture (cs.NI), Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica, Graph neural networks, Artificial Intelligence (cs.AI), Network intrusion detection, Cryptography and Security (cs.CR)
| Indicator | Description | Value |
| --- | --- | --- |
| selected citations | These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 68 |
| popularity | This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Top 1% |
| influence | This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Top 10% |
| impulse | This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Top 1% |
| views | | 102 |
| downloads | | 250 |

Views provided by UsageCounts